fix(SSLManager): Fixed regression introduced in PR #4103, fixes #4421

Matej Kenda 2024-01-30 23:01:48 +01:00
parent 47951f507e
commit 99906d5d7a
3 changed files with 50 additions and 9 deletions


@ -76,8 +76,8 @@ const bool SSLManager::VAL_FIPS_MODE(false);
SSLManager::SSLManager():
_contextIndex(SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL)),
_socketIndex(SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL))
_contextIndex(SSL_CTX_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr)),
_socketIndex(SSL_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr))
{
}
@ -100,9 +100,8 @@ void SSLManager::shutdown()
PrivateKeyPassphraseRequired.clear();
ClientVerificationError.clear();
ServerVerificationError.clear();
_ptrDefaultServerContext = 0;
_ptrDefaultClientContext = 0;
_socketIndex = _contextIndex = -1;
_ptrDefaultServerContext = nullptr;
_ptrDefaultClientContext = nullptr;
}
@ -290,7 +289,7 @@ int SSLManager::verifyOCSPResponseCallback(SSL* pSSL, void* arg)
return ocspVerifyFlag ? 0 : 1;
}
OCSP_RESPONSE* pOcspResp = d2i_OCSP_RESPONSE(NULL, &pResp, len);
OCSP_RESPONSE* pOcspResp = d2i_OCSP_RESPONSE(nullptr, &pResp, len);
if (!pOcspResp) return 0;
if (OCSP_response_status(pOcspResp) != OCSP_RESPONSE_STATUS_SUCCESSFUL)
@ -314,7 +313,7 @@ int SSLManager::verifyOCSPResponseCallback(SSL* pSSL, void* arg)
return 0;
}
X509* pPeerIssuerCert = NULL;
X509* pPeerIssuerCert = nullptr;
STACK_OF(X509)* pCertChain = SSL_get_peer_cert_chain(pSSL);
unsigned certChainLen = sk_X509_num(pCertChain);
for (int i= 0; i < certChainLen ; i++)
@ -345,7 +344,7 @@ int SSLManager::verifyOCSPResponseCallback(SSL* pSSL, void* arg)
{
X509_free(pCert);
sk_X509_free(pCerts);
pCerts = NULL;
pCerts = nullptr;
}
}
@ -363,7 +362,7 @@ int SSLManager::verifyOCSPResponseCallback(SSL* pSSL, void* arg)
return 0;
}
OCSP_CERTID* pCertId = OCSP_cert_to_id(NULL, pPeerCert, pPeerIssuerCert);
OCSP_CERTID* pCertId = OCSP_cert_to_id(nullptr, pPeerCert, pPeerIssuerCert);
if (!pCertId)
{
X509_free(pPeerCert);
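Review bot: In the fourth hunk of this section, `unsigned certChainLen = sk_X509_num(pCertChain);` stores a signed return value in an unsigned variable, and the result of `SSL_get_peer_cert_chain(pSSL)` is not checked for null before it. `sk_X509_num` returns -1 for a null stack, which becomes a very large unsigned count, and the loop `for (int i= 0; i < certChainLen ; i++)` then compares a signed index against it. Since the adjacent line is changed here anyway, I would write `const int certChainLen = pCertChain ? sk_X509_num(pCertChain) : 0;` so that a missing chain yields an empty loop. The loop body and the rest of verifyOCSPResponseCallback lie outside the hunk, so it cannot be seen here whether the later `pPeerIssuerCert` handling already rejects that case.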


@ -25,6 +25,8 @@
#include "Poco/Net/Session.h"
#include "Poco/Net/SSLManager.h"
#include "Poco/Net/SSLException.h"
#include "Poco/Net/AcceptCertificateHandler.h"
#include "Poco/Net/PrivateKeyPassphraseHandler.h"
#include "Poco/Util/Application.h"
#include "Poco/Util/AbstractConfiguration.h"
#include "Poco/StreamCopier.h"
@ -285,6 +287,44 @@ void HTTPSClientSessionTest::testKeepAlive()
}
void HTTPSClientSessionTest::testMultipleSSLInit()
{
auto initSSL = []()
{
initializeSSL();
Poco::SharedPtr<InvalidCertificateHandler> ptrCert = new AcceptCertificateHandler(false);
Context::Ptr context(new Context(Context::CLIENT_USE, "", "", "",
Context::VerificationMode::VERIFY_STRICT, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
)
);
SSLManager::instance().initializeClient(0, ptrCert, context);
};
auto deinitSSL = []()
{
uninitializeSSL();
};
try
{
initSSL();
deinitSSL();
initSSL();
HTTPSClientSession session("secure.appinf.com");
HTTPRequest request(HTTPRequest::HTTP_GET, "", HTTPMessage::HTTP_1_1);
(void)session.sendRequest(request);
deinitSSL();
}
catch(...)
{
failmsg("Double SSL init failed");
}
}
void HTTPSClientSessionTest::testInterop()
{
HTTPSClientSession s("secure.appinf.com");
@ -459,6 +499,7 @@ CppUnit::Test* HTTPSClientSessionTest::suite()
CppUnit_addTest(pSuite, HTTPSClientSessionTest, testPostLargeChunked);
CppUnit_addTest(pSuite, HTTPSClientSessionTest, testPostLargeChunkedKeepAlive);
CppUnit_addTest(pSuite, HTTPSClientSessionTest, testKeepAlive);
CppUnit_addTest(pSuite, HTTPSClientSessionTest, testMultipleSSLInit);
CppUnit_addTest(pSuite, HTTPSClientSessionTest, testInterop);
CppUnit_addTest(pSuite, HTTPSClientSessionTest, testProxy);
CppUnit_addTest(pSuite, HTTPSClientSessionTest, testCachedSession);
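Review bot: The `catch(...)` in testMultipleSSLInit discards the reason for a failure, and the second `deinitSSL()` is skipped whenever the session constructor or `sendRequest` throws, so a failed run leaves the initializeSSL/uninitializeSSL calls unbalanced for the tests registered after it. Catching the library exception and reporting its text, `catch (const Poco::Exception& e) { failmsg(e.displayText()); }`, would make a failure diagnosable, and the cleanup call belongs on the failure path too. The test also only sends the request to secure.appinf.com and never reads the response, so it depends on an external host while asserting nothing about the exchange. A short comment stating that the test only checks that a request after re-initialisation does not throw would make that intent explicit.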


@ -34,6 +34,7 @@ public:
void testPostLargeChunkedKeepAlive();
void testKeepAlive();
void testInterop();
void testMultipleSSLInit();
void testProxy();
void testCachedSession();
void testUnknownContentLength();